{"componentChunkName":"component---node-modules-gatsby-theme-document-src-templates-docs-js","path":"/openvpn","result":{"data":{"mdx":{"body":"function _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"OpenVPN\",\n  \"description\": \"OpenVPN installation and configuration\"\n};\n\nvar makeShortcode = function makeShortcode(name) {\n  return function MDXDefaultShortcode(props) {\n    console.warn(\"Component \" + name + \" was not imported, exported, or provided by MDXProvider as global scope\");\n    return mdx(\"div\", props);\n  };\n};\n\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, [\"components\"]);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: 
\"MDXLayout\"\n  }), mdx(\"h2\", {\n    \"id\": \"installation\"\n  }, \"Installation\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"sudo apt install openvpn easy-rsa\\n\")), mdx(\"h2\", {\n    \"id\": \"configuration\"\n  }, \"Configuration\"), mdx(\"p\", null, \"From now on, the commands below must be issued as the root user (not via sudo):\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"su -\\ncd /usr/share/doc/openvpn/examples/sample-config-files\\ngunzip -c server.conf.gz > /etc/openvpn/server.conf\\n\")), mdx(\"p\", null, \"Edit \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"/etc/openvpn/server.conf\"), \" and uncomment these lines:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \";push \\\"redirect-gateway def1 bypass-dhcp\\\"\\n;push \\\"dhcp-option DNS 208.67.222.222\\\"\\n;push \\\"dhcp-option DNS 208.67.220.220\\\"\\n;user nobody\\n;group nogroup\\n\")), mdx(\"p\", null, \"Continue the configuration by enabling IP forwarding:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"echo 1 > /proc/sys/net/ipv4/ip_forward\\n\")), mdx(\"p\", null, \"Edit \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"/etc/sysctl.conf\"), \" and uncomment this line so the setting persists across reboots:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"#net.ipv4.ip_forward=1\\n\")), mdx(\"h3\", {\n    \"id\": \"configure-firewall\"\n  }, \"Configure firewall\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"apt install ufw\\nufw allow ssh\\nufw allow 1194/udp\\n\")), mdx(\"p\", null, \"Edit \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"/etc/default/ufw\"), \" and change this line:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"DEFAULT_FORWARD_POLICY=\\\"DROP\\\"\\n\")), mdx(\"p\", null, \"to\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, 
{}), \"DEFAULT_FORWARD_POLICY=\\\"ACCEPT\\\"\\n\")), mdx(\"p\", null, \"Edit \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"/etc/ufw/before.rules\"), \" and add the following lines at the top of the file:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"*nat\\n:POSTROUTING ACCEPT [0,0]\\n-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE\\nCOMMIT\\n\")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Note\"), \": Replace eth0 with the name of your server's network interface, and keep the -s source range limited to the subnet your VPN assigns to clients.\"), mdx(\"h3\", {\n    \"id\": \"activate-firewall\"\n  }, \"Activate firewall\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"ufw enable\\nufw status\\n\")), mdx(\"h3\", {\n    \"id\": \"create-keys-for-server\"\n  }, \"Create keys for Server\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"cd /etc/openvpn\\nmake-cadir easy-rsa\\n\")), mdx(\"p\", null, \"Edit \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"/etc/openvpn/easy-rsa/vars\"), \" and make it look like:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"# In how many days should certificates expire?\\nexport KEY_EXPIRE=3650\\n# Don't leave any of these fields blank\\nexport KEY_COUNTRY=\\\"US\\\"\\nexport KEY_PROVINCE=\\\"CA\\\"\\nexport KEY_CITY=\\\"SanFrancisco\\\"\\nexport KEY_ORG=\\\"Hal\\\"\\nexport KEY_EMAIL=\\\"youremail@address.com\\\"\\nexport KEY_OU=\\\"Hal\\\"\\n# X509 Subject Field\\nexport KEY_NAME=\\\"server\\\"\\n\")), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"openssl dhparam -out /etc/openvpn/dh2048.pem 2048\\n\")), mdx(\"p\", null, \"For Debian 9, issue these commands:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"cd /etc/openvpn/easy-rsa\\n. 
./vars\\n./clean-all\\nln -s openssl-1.0.0.cnf openssl.cnf\\n./build-ca #Accept all defaults \\n./build-key-server server #Accept all defaults\\n\")), mdx(\"p\", null, \"For Debian 10, issue these commands:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"cd /etc/openvpn/easy-rsa\\n./easyrsa init-pki\\n./easyrsa build-ca\\n./easyrsa build-server-full server\\n\")), mdx(\"h4\", {\n    \"id\": \"copy-the-new-generated-certificates\"\n  }, \"Copy the newly generated certificates\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"cd keys\\ncp server.crt server.key ca.crt ta.key /etc/openvpn\\n\")), mdx(\"h4\", {\n    \"id\": \"start-openvpn-server\"\n  }, \"Start OpenVPN server\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"service openvpn start\\n\")), mdx(\"h3\", {\n    \"id\": \"create-keys-for-clients\"\n  }, \"Create keys for Clients\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"For Debian 9, issue these commands:\")), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"cd /etc/openvpn/easy-rsa\\n./build-key client\\n\")), mdx(\"p\", null, mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"client\"), \" can be any name. 
A passphrase is optional.\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"For Debian 10, issue these commands:\")), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"./easyrsa build-client-full clientname nopass\\n\")), mdx(\"h3\", {\n    \"id\": \"create-tls-auth-key\"\n  }, \"Create tls-auth key:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"openvpn --genkey --secret /etc/openvpn/easy-rsa/keys/ta.key\\n\")), mdx(\"h3\", {\n    \"id\": \"optional-generate-diffie-hellman-paramenters\"\n  }, \"(Optional) Generate Diffie-Hellman parameters\"), mdx(\"p\", null, \"Needed for the server end of an SSL/TLS connection; skip this if you already generated dh2048.pem with openssl above.\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"For Debian 9, issue these commands:\")), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"cd /etc/openvpn/easy-rsa\\n./build-dh\\n\")), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"For Debian 10, issue these commands:\")), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"./easyrsa gen-dh\\n\")), mdx(\"h3\", {\n    \"id\": \"tide-up\"\n  }, \"Tidy up\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"cd\\nmkdir client\\ncp /usr/share/doc/openvpn/examples/sample-config-files/client.conf client\\nmv client/client.conf client/myclient.ovpn\\ncd /etc/openvpn/easy-rsa/keys\\ncp ca.crt client.crt client.key ta.key ~/client/\\n\")), mdx(\"h3\", {\n    \"id\": \"ovpn-configuration\"\n  }, \".ovpn configuration\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"cd ~/client\\nvi myclient.ovpn\\n\")), mdx(\"p\", null, \"Change these lines:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"remote my-server-1 1194\\n\\n;user nobody\\n;group nogroup\\n\\nca ca.crt\\ncert client.crt\\nkey client.key\\n\")), mdx(\"p\", null, 
\"to\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"remote 35.224.181.105 1194\\n\\nuser nobody\\ngroup nogroup\\n\\n# ca ca.crt\\n# cert client.crt\\n# key client.key\\n\")), mdx(\"p\", null, \"Now embed the CA certificate, client certificate, client key and tls-auth key inline in the .ovpn file (the resulting file contains the client's private key):\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"echo \\\"<ca>\\\" >> myclient.ovpn\\ncat ca.crt >> myclient.ovpn\\necho \\\"</ca>\\\" >> myclient.ovpn\\n\\necho \\\"<cert>\\\" >> myclient.ovpn\\ncat client.crt >> myclient.ovpn\\necho \\\"</cert>\\\" >> myclient.ovpn\\n\\necho \\\"<key>\\\" >> myclient.ovpn\\ncat client.key >> myclient.ovpn\\necho \\\"</key>\\\" >> myclient.ovpn\\n\\necho \\\"<tls-auth>\\\" >> myclient.ovpn\\ncat ta.key >> myclient.ovpn\\necho \\\"</tls-auth>\\\" >> myclient.ovpn\\n\")), mdx(\"h3\", {\n    \"id\": \"copy-ovpn-file-from-server-to-client\"\n  }, \"Copy .ovpn file from server to client\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Note\"), \": The following commands are run on the client machine, not the server:\"), mdx(\"pre\", null, mdx(\"code\", _extends({\n    parentName: \"pre\"\n  }, {}), \"ssh-copy-id -i .ssh/id_rsa.pub root@35.224.181.105\\nscp root@35.224.181.105:client/myclient.ovpn .\\n\")));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#installation","title":"Installation"},{"url":"#configuration","title":"Configuration","items":[{"url":"#configure-firewall","title":"Configure firewall"},{"url":"#activate-firewall","title":"Activate firewall"},{"url":"#create-keys-for-server","title":"Create keys for Server","items":[{"url":"#copy-the-new-generated-certificates","title":"Copy the newly generated certificates"},{"url":"#start-openvpn-server","title":"Start OpenVPN server"}]},{"url":"#create-keys-for-clients","title":"Create keys for Clients"},{"url":"#create-tls-auth-key","title":"Create tls-auth key:"},{"url":"#optional-generate-diffie-hellman-paramenters","title":"(Optional) 
Generate Diffie-Hellman parameters"},{"url":"#tide-up","title":"Tidy up"},{"url":"#ovpn-configuration","title":".ovpn configuration"},{"url":"#copy-ovpn-file-from-server-to-client","title":"Copy .ovpn file from server to client"}]}]},"frontmatter":{"title":"OpenVPN","description":"OpenVPN installation and configuration"}}},"pageContext":{"isCreatedByStatefulCreatePages":false,"id":"c4f2e24a-058d-5f99-805b-a04d1d73db6b"}}}